robbie

TROJ_Generic.Z01


Trend Micro Internet Security has picked up a TROJ_Generic.Z01 threat on my computer:

Infected file: Adobelmsvc Installer.dll

Infected file location: C:\Program Files\Adobe\Adobe InDesign CS2\

 

I deleted the infected file (via Trend) and then re-installed the missing file (as InDesign wouldn't open without it) but now the newly installed file is infected. The CS2 discs that I used to re-install the file from are genuine Adobe discs that I purchased 2 years ago.

 

I've done an Ad-Aware AE scan and the scan was completed successfully without any malicious objects detected. Please let me know if you need any further info.

 

Thank you very much in advance for your help.

 

____

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:01:37 PM, on 09-04-2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe

c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

c:\APPS\HIDSERVICE\HIDSERVICE.exe

C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe

C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe

C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

C:\WINDOWS\system32\svchost.exe

c:\APPS\Powercinema\Kernel\TV\CLSched.exe

C:\Program Files\Trend Micro\BM\TMBMSRV.exe

C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe

C:\WINDOWS\system32\keyhook.exe

C:\Apps\Powercinema\PCMService.exe

C:\apps\ABoard\ABoard.exe

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe

C:\apps\ABoard\AOSD.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe

C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe

C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe

C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe

C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe

C:\Program Files\HP\Digital Imaging\Bin\hpqSTE08.exe

C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe

C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe

C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe

C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

C:\Program Files\LimeWire\LimeWire.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Internet Explorer\iexplore.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe

O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"

O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Program Files\ScanSoft\PDF Professional 3.0\\RegistryController.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"

O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe

O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog

O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray

O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: LUMIX Simple Viewer.lnk = ?

O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?

O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\PDF Professional 3.0\IEShellExt.dll /100

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {65F31DBD-290F-44F8-9B18-47F5AE400A04} (RAS_Watch Control) - http://www.gould.edu.au/wildlifecams/RasWatch.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1138845419906

O17 - HKLM\System\CCS\Services\Tcpip\..\{20EACA06-B73E-4EAE-862E-6873704F29F7}: Domain = qld.bigpond.net.au

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe

O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe

O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe

O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

O23 - Service: MaxBackServiceInt - Unknown owner - C:\Program Files\Maxtor\Maxtor Backup\MaxBackServiceInt.exe

O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe

O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe

O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~3\TmPfw.exe

O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

 

--

End of file - 14065 bytes

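
An added example, not part of the original thread, showing how an analyst can triage a HijackThis log like the one posted above instead of reading it by eye: it parses the O4 (Run key) and O23 (service) lines, flags Run entries whose unquoted executable path contains spaces (Windows may resolve such a path to an attacker-planted file like C:\Program.exe before the intended one), and flags services for which HijackThis recorded no vendor. The sample lines are copied from the log above; the triage rules and the function names are this example's own, not HijackThis functionality.

```python
import re

# Lines copied from the HijackThis log posted above (constructed sample for this example).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
"""

# O4 Run-key entries look like: O4 - HKLM\..\Run: [name] command
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O23 service entries look like: O23 - Service: display - owner - path
# The owner may be empty, which HijackThis prints as " - - C:\..."; the path
# is anchored on a drive letter so the owner field cannot swallow it.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.*?) - (?P<owner>.*?) ?- (?P<path>[A-Za-z]:\\.*)$"
)


def parse_entries(log_text):
    """Return ([(name, command)], [(display, owner, path)]) from O4/O23 lines."""
    runs, services = [], []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            runs.append((m["name"], m["cmd"]))
            continue
        m = O23_RE.match(line)
        if m:
            services.append((m["display"], m["owner"], m["path"]))
    return runs, services


def executable_path(cmd):
    """Return (path, quoted) for a Run-key command string.

    A quoted command yields the text between the first pair of quotes; an
    unquoted one yields everything up to the first '.exe' (case-insensitive).
    """
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end > 1:
            return cmd[1:end], True
    m = re.match(r"(?i)(.*?\.exe)(?:\s|$)", cmd)
    return (m.group(1) if m else cmd), False


def triage(log_text):
    """Return a list of (section, name, reason) findings worth a closer look."""
    findings = []
    runs, services = parse_entries(log_text)
    for name, cmd in runs:
        path, quoted = executable_path(cmd)
        if not quoted and " " in path:
            findings.append(("O4", name, "unquoted path containing spaces: " + path))
    for display, owner, path in services:
        if owner.strip() in ("", "Unknown owner"):
            findings.append(("O23", display, "no vendor recorded for " + path))
    return findings


if __name__ == "__main__":
    for section, name, reason in triage(SAMPLE_LOG):
        print(f"{section:4} {name}: {reason}")
```

Run against the full log, the same rules would also surface the other unquoted Run entries (HPDJ Taskbar Utility, PinnacleDriverCheck, Ad-Watch) and the remaining "Unknown owner" services; a flag only means "check the file's vendor and signature", not that the entry is malicious.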
Hi

 

Upload the file to http://www.virustotal.com to see what results the scanners there give to you.

 

 

Hi Blade81

 

Thanks heaps for assisting me with this problem.

 

I've uploaded the file to virustotal as requested and the scanners found nothing. When I browsed for the file and clicked on it to upload, Trend Micro Internet Security popped up another warning that the file is infected... weird!

 

The report from virustotal is below:

 

 

File Adobelmsvc_Installer.dll received on 04.11.2009 15:38:40 (CET)

Current status: finished

 

Result: 0/38 (0.00%)


Antivirus Version Last Update Result

a-squared 4.0.0.101 2009.04.11 -

AhnLab-V3 5.0.0.2 2009.04.11 -

AntiVir 7.9.0.138 2009.04.10 -

Antiy-AVL 2.0.3.1 2009.04.11 -

Authentium 5.1.2.4 2009.04.10 -

Avast 4.8.1335.0 2009.04.10 -

AVG 8.5.0.285 2009.04.11 -

BitDefender 7.2 2009.04.11 -

CAT-QuickHeal 10.00 2009.04.10 -

Comodo 1110 2009.04.11 -

DrWeb 4.44.0.09170 2009.04.11 -

eSafe 7.0.17.0 2009.04.07 -

eTrust-Vet 31.6.6450 2009.04.11 -

F-Prot 4.4.4.56 2009.04.10 -

F-Secure 8.0.14470.0 2009.04.11 -

Fortinet 3.117.0.0 2009.04.11 -

GData 19 2009.04.11 -

Ikarus T3.1.1.49.0 2009.04.11 -

K7AntiVirus 7.10.700 2009.04.11 -

Kaspersky 7.0.0.125 2009.04.11 -

McAfee 5580 2009.04.10 -

McAfee+Artemis 5580 2009.04.10 -

McAfee-GW-Edition 6.7.6 2009.04.10 -

Microsoft 1.4502 2009.04.11 -

NOD32 4001 2009.04.11 -

Norman 6.00.06 2009.04.09 -

nProtect 2009.1.8.0 2009.04.11 -

Panda 10.0.0.14 2009.04.11 -

PCTools 4.4.2.0 2009.04.08 -

Prevx1 V2 2009.04.11 -

Rising 21.24.52.00 2009.04.11 -

Sophos 4.40.0 2009.04.11 -

Sunbelt 3.2.1858.2 2009.04.10 -

Symantec 1.4.4.12 2009.04.11 -

TheHacker 6.3.4.0.305 2009.04.10 -

TrendMicro 8.700.0.1004 2009.04.10 -

ViRobot 2009.4.10.1688 2009.04.10 -

VirusBuster 4.6.5.0 2009.04.11 -

Additional information

File size: 287232 bytes

MD5...: 1c56c50381d54aa93e6e128f0aaa4977

SHA1..: eb2b76d35e574904a26ecbeb895fb34fc3d5550b

SHA256: 539a05ca6b5e6b1782a686a6a0a699cf2416009dd83db6b0c7001d6e281b9fce

SHA512: 111354921f1d21778b8f1fa248147b87721a1486c83ae9400bc6b1176bafcac0ba4bd036922bd56f63cb8b945682d1160809c43b58ee66a868640e8779e32689

ssdeep: 6144:DMSuGPTFd8bedkK3BddznPR8ddZzFVTSHJESSj796l:DMC4ed53nRR8dbyHJD+7kl

 

PEiD..: Armadillo v1.xx - v2.xx

TrID..: File type identification

Win64 Executable Generic (59.6%)

Win32 Executable MS Visual C++ (generic) (26.2%)

Win32 Executable Generic (5.9%)

Win32 Dynamic Link Library (generic) (5.2%)

Generic Win/DOS Executable (1.3%)

PEInfo: PE Structure information

 

( base data )

entrypointaddress.: 0xf9b1

timedatestamp.....: 0x41de9631 (Fri Jan 07 14:01:21 2005)

machinetype.......: 0x14c (I386)

 

( 5 sections )

name viradd virsiz rawdsiz ntrpy md5

.text 0x1000 0x173d6 0x17400 6.63 de0ccada755c2103a11c1fe995587ce4

.rdata 0x19000 0x3df4 0x3e00 5.00 3f4fcacb663e60308fdab3539f7feb8e

.data 0x1d000 0x5570 0x3800 1.91 109d23f5569136e057d99eab1075fea6

.rsrc 0x23000 0x24d38 0x24e00 5.57 382a46cff869f76322b81abcb28138d2

.reloc 0x48000 0x2450 0x2600 5.11 a7fc149ad64eceb4a9a9fddf7d775c0d

 

( 4 imports )

> VERSION.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

> ADVAPI32.dll: CreateServiceA, DeleteService, RegDeleteValueA, RegQueryValueExA, RegQueryInfoKeyA, RegEnumKeyExA, RegDeleteKeyA, RegCloseKey, RegOpenKeyExA, QueryServiceStatus, OpenServiceA, OpenSCManagerA, ControlService, QueryServiceConfigA, ChangeServiceConfigA, RegEnumValueA, CloseServiceHandle, StartServiceA, SetServiceObjectSecurity, SetSecurityDescriptorDacl, InitializeSecurityDescriptor, GetAce, GetAclInformation, GetSecurityDescriptorDacl, QueryServiceObjectSecurity, RegCreateKeyExA, RegSetValueExA

> KERNEL32.dll: GetVersionExA, DeviceIoControl, CloseHandle, CreateFileA, GetLastError, GetShortPathNameA, UnmapViewOfFile, MapViewOfFile, CreateFileMappingA, GetFileSize, lstrcmpiA, Sleep, CopyFileA, SetFileAttributesA, DeleteFileA, GetTempFileNameA, MoveFileExA, GetWindowsDirectoryA, CreateDirectoryA, RemoveDirectoryA, GetFileAttributesA, ReadFile, SetFilePointer, GetModuleFileNameA, FreeLibrary, GetProcAddress, LoadLibraryA, GetDriveTypeA, GetLogicalDrives, FindClose, FindNextFileA, FindFirstFileA, lstrlenA, LockResource, SizeofResource, LoadResource, FindResourceA, GetModuleHandleA, CallNamedPipeA, LocalFree, HeapFree, HeapAlloc, GetProcessHeap, GetSystemDirectoryA, LCMapStringW, LCMapStringA, SetEndOfFile, CreateMutexA, WaitForSingleObject, ReleaseMutex, RtlUnwind, RaiseException, GetCurrentDirectoryA, GetFullPathNameA, GetCommandLineA, GetVersion, GetCurrentThreadId, TlsSetValue, TlsAlloc, TlsFree, SetLastError, TlsGetValue, InitializeCriticalSection, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, ExitProcess, SetUnhandledExceptionFilter, GetCPInfo, GetACP, GetOEMCP, WideCharToMultiByte, MultiByteToWideChar, InterlockedDecrement, InterlockedIncrement, TerminateProcess, GetCurrentProcess, HeapReAlloc, HeapSize, WriteFile, SetHandleCount, GetStdHandle, GetFileType, GetStartupInfoA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, GetEnvironmentVariableA, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, IsBadWritePtr, IsBadReadPtr, IsBadCodePtr, GetStringTypeA, GetStringTypeW, SetStdHandle, FlushFileBuffers

> USER32.dll: KillTimer, EndDialog, SetTimer, GetDlgItem, SetWindowTextA, DialogBoxParamA

 

( 21 exports )

CdaSysGetCurrentBranding, CdaSysGetLastError, CdaSysGetTrackedErrors, CdaSysInstall, CdaSysInstallByShell, CdaSysInstallEx, CdaSysInstallExAdv, CdaSysInstallForProduct, CdaSysInstallForProductEx, CdaSysLicenseUninstall, CdaSysLicenseUninstallType, CdaSysModifyConfig, CdaSysModifyServiceDescription, CdaSysQueryInstalledProducts, CdaSysUnInstall, CdaSysUnInstallLicense, CdaSysUninstallExAdv, CdaSysUninstallForProduct, CdaSysUninstallLicenseType, UninstInitialize, UninstUnInitialize

 

RDS...: NSRL Reference Data Set

 

( Adobe Systems Incorporated )

 

> Creative Suite 2 Premium: _C2AA5122BCF444879B6D2F51D46220E0

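
An added example, not from the thread, of the check the VirusTotal report above makes possible: re-hash the reinstalled DLL and compare its digests with the ones the report lists (which also matched the NSRL entry for Creative Suite 2 Premium), so that a later alert on the same file can be told apart from an alert on a modified file with the same name. The reported digests are copied from the report above; write_sample() and its b"abc" content are constructed inputs for demonstration only, and the function names are this example's own.

```python
import hashlib
import hmac
import os
import tempfile

# Digests VirusTotal listed for Adobelmsvc_Installer.dll in the report above.
REPORTED_DIGESTS = {
    "md5": "1c56c50381d54aa93e6e128f0aaa4977",
    "sha1": "eb2b76d35e574904a26ecbeb895fb34fc3d5550b",
    "sha256": "539a05ca6b5e6b1782a686a6a0a699cf2416009dd83db6b0c7001d6e281b9fce",
}


def hash_file(path, algorithms=("md5", "sha1", "sha256"), chunk_size=1 << 20):
    """Read the file once and feed every chunk to each requested hash."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_digests(actual, expected):
    """Per-algorithm match map; comparison is constant-time and case-insensitive."""
    return {
        name: hmac.compare_digest(actual.get(name, ""), value.lower())
        for name, value in expected.items()
    }


def verify_file(path, expected):
    """True only if every expected digest matches and SHA-256 is among them.

    MD5 and SHA-1 are not collision resistant, so a match on those alone is
    not accepted as proof that the file is the one the report described.
    """
    if "sha256" not in expected:
        return False
    return all(compare_digests(hash_file(path, tuple(expected)), expected).values())


def write_sample(data=b"abc"):
    """Constructed input for demonstration: a temp file holding b'abc'."""
    fd, path = tempfile.mkstemp(suffix=".dll")
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path


if __name__ == "__main__":
    sample = write_sample()
    print(hash_file(sample))
    print("matches the VirusTotal report:", verify_file(sample, REPORTED_DIGESTS))
```

To use it on the real file, call verify_file(r"C:\Program Files\Adobe\Adobe InDesign CS2\Adobelmsvc Installer.dll", REPORTED_DIGESTS): True means the bytes on disk are the ones 38 engines and the NSRL already vetted, so a repeat alert is the same signature firing on the same file; False means the file has changed and deserves a fresh submission rather than an ignore-list entry.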

Hi

 

Quite likely that finding is a false positive since none of the scanners detected it (even Trend Micro's one didn't see anything bad). Guess you may put the file on ignored list.

Hi Blade81

 

Glad to hear there's no infection! Thanks again for your help.

 

Love your work!

 

warmest regards, Robbie.


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :P

 

If you're the topic starter, and need this topic reopened, please contact the staff member who was helping you with your issue.

 

Everyone else please begin a New Topic.

 

Thank you !
